# |
May 1st 2021, 15:30 |
kevin.pfeifer |
oh wow ok |
# |
May 1st 2021, 15:26 |
ndm |
Just recently had the pleasure to work on something where a "base entity" was changing/reconfiguring the application's database connections, oh boy, that was just... no, just no, I've never cursed so much in my whole life :) |
# |
May 1st 2021, 15:23 |
kevin.pfeifer |
alright, noted :spiral_note_pad: and learned something new :) thx |
# |
May 1st 2021, 15:22 |
slackebot |
of hell :grimacing: |
# |
May 1st 2021, 15:22 |
ndm |
I mean, I'm not sure if there are any broadly accepted rules of what utility classes are, for me state was always one of the main indicators, as static method calls make them hard-dependencies, which seems to be one of the main points of contention that people have with them... aaaanyways, I just wanted to say, don't stuff your CakePHP "entities" with logic, I've never seen a project where this doesn't pave the road to the 7 gates |
# |
May 1st 2021, 15:14 |
kevin.pfeifer |
but i think we get into a bit more deeper software design aspect here :) |
# |
May 1st 2021, 15:12 |
kevin.pfeifer |
i know that the DI Container always gives you back an instances of that class and therefore you have state in that object |
# |
May 1st 2021, 15:11 |
kevin.pfeifer |
sure ok, it could be that our definitions/understandings of utility classes are a bit different. For me a utility class is just a plain old class which helps you re-use code in multiple other locations (in my examples most of the time in commands and controllers) For me its not that important if they have a state or if these functions are all called statically and therefore have no state |
# |
May 1st 2021, 15:08 |
ndm |
As soon as you can obtain them from a container they will be instances, ie not just classes with static methods, so then a big part of what usually makes a utility class a utility class, eg no state, is already gone. It could still be a hot mess of course :upside_down_face: |
# |
May 1st 2021, 15:02 |
kevin.pfeifer |
and since there is a DI Container now in Cake its even easier to use them |
# |
May 1st 2021, 15:02 |
kevin.pfeifer |
Utility Classes are just something I am very familiar now when it comes to code refactoring and putting duplicate code into one place |
# |
May 1st 2021, 15:01 |
kevin.pfeifer |
alright :) |
# |
May 1st 2021, 15:00 |
martin |
Think I can make a listener for the crud plugin so I can do it in the after paginate, not sure if I need it on more places but Guess that can happen in the future. https://crud.readthedocs.io/en/latest/events.html#modify-the-result |
# |
May 1st 2021, 14:59 |
ndm |
Don't let the OOP people here you talking about utility classes :) But yeah, as a general concept, a link that knows about authorization as well as entities and puts the two things together, so that they are kept properly separated. |
# |
May 1st 2021, 14:56 |
kevin.pfeifer |
per controller function |
# |
May 1st 2021, 14:56 |
kevin.pfeifer |
as far as i have seen it now |
# |
May 1st 2021, 14:56 |
kevin.pfeifer |
and add those virtual fields manually |
# |
May 1st 2021, 14:56 |
kevin.pfeifer |
before you send the data to the client |
# |
May 1st 2021, 14:56 |
kevin.pfeifer |
or some logic |
# |
May 1st 2021, 14:56 |
kevin.pfeifer |
you will need to create a utility class |
# |
May 1st 2021, 14:53 |
martin |
yes I have that scope already build in (build a listener for that so it works everywhere), so the only thing I have to do is to add that can edit to the response, will check monday how I can do that |
# |
May 1st 2021, 14:53 |
kevin.pfeifer |
ok, i was not quite sure what you meant by decorating entites but i think i get it now. So creating a e.g. Utility Class which extends each entity in each controller function (where needed) and adds those virtuals fields accrodingly |
# |
May 1st 2021, 14:53 |
ndm |
tbf, I'm not overly familiar with the CRUD plugin |
# |
May 1st 2021, 14:52 |
ndm |
I don't see why any of this would require logic in the entities themselves, that still sounds like something to me that I'd probably solve by decorating the entities, for example via a service that the controller requires, or in a custom view class that transforms the data. |
# |
May 1st 2021, 14:47 |
kevin.pfeifer |
I am just imagining a role based auth system where certain roles can edit e.g. other users data. Therefore if you go to the `index` function of users you could see all entities but can only edit some of them. Even more if your in an API/CRUD-Plugin based system where you basically need that info in the entity I just don't know how you would otherwise solve that problem "correctly" |
# |
May 1st 2021, 14:40 |
ndm |
CakePHP's entities aren't really business/domain entities, they're more like not completely stupid DTOs, IMHO they shouldn't know about things like authorization. Without knowing all the context, I'd say that's probably a job for some kind of service/decorator that can be fed with the required dependencies, process the entities and add additional information to them. |
# |
May 1st 2021, 14:30 |
kevin.pfeifer |
how this connects via the crud plugin, i have no idddddddea |
# |
May 1st 2021, 14:28 |
kevin.pfeifer |
``` public function index() { $query = $this->Authorization->applyScope($this->Users->find()); $users = $this->paginate( $query ); $this->set( compact( 'users' ) ); }``` |
# |
May 1st 2021, 14:28 |
kevin.pfeifer |
and in your controller you can apply that scope via |
# |
May 1st 2021, 14:28 |
kevin.pfeifer |
which basically can have as many functions just like thath ``` public function scopeIndex( IdentityInterface $user, Query $query ) { return $query->were(['Users.id' => 1]); }``` |
# |
May 1st 2021, 14:27 |
kevin.pfeifer |
so you generate a Table Policy for your e.g. UsersTable |
# |
May 1st 2021, 14:26 |
kevin.pfeifer |
well basically you should apply scopes to your queries |
# |
May 1st 2021, 14:25 |
martin |
but quess I need to do this in the controller, add that to the output, need to check how I can do that when since I use the CRUD plugin :) |
# |
May 1st 2021, 14:23 |
martin |
yes when the suer is not allowed to see it is not in the output, so online if user can edit is required to add. |
# |
May 1st 2021, 14:09 |
kevin.pfeifer |
would be pretty awesome if we could set a virtual boolean field like `canEdit` automatically on each entity |
# |
May 1st 2021, 14:03 |
kevin.pfeifer |
@rightscoreanalysis i guess you could do something like that with "just" a .htaccess rewrite rule |
# |
May 1st 2021, 14:03 |
kevin.pfeifer |
as Martin already asked yesterday: Is it possible to access authorization data inside an entity? In his example he as an API where he needs to no which entity can be e.g. edited or deleted by the current user. |
# |
Apr 30th 2021, 23:00 |
rightscoreanalysis |
in the above case I want this to route to orders/view/5 |
# |
Apr 30th 2021, 22:36 |
rightscoreanalysis |
I have a problem because I need to handle routes such as: ```orders/store?store_id=5``` |
# |
Apr 30th 2021, 20:34 |
admad |
you can't use query string in routes |
# |
Apr 30th 2021, 20:32 |
rightscoreanalysis |
trying to escape it |